Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Syntax and grammar fix

...

  • tlsenable=yes - Enable TLS server, default is no
  • tlsbindaddr=<ip address> - Specify IP address to bind TLS server to, default is 0.0.0.0
  • tlscertfile=</path/to/certificate> - The server's certificate file. Should include the key and certificate. This is mandatory if you're going to run a TLS server.
  • tlscafile=</path/to/certificate> - If the server your you're connecting to uses a self signed certificate you should have their certificate installed here so the code can verify the authenticity of their certificate.
  • tlscapath=</path/to/ca/dir> - A directory full of CA certificates. The files must be named with the CA subject name hash value. (see man SSL_CTX_load_verify_locations for  for more info)
  • tlsdontverifyserver=yes - If set to to yes, don't verify the servers certificate when acting as a client. If you don't have the server's CA certificate you can set this and it will connect without requiring tlscafile to  to be set. Default is no.
  • tlscipher=<SSL cipher string> - A string specifying which SSL ciphers to use or not use. A list of valid SSL cipher strings can be found at http://www.openssl.org/docs/apps/ciphers.html#CIPHER_STRINGS

...